Fighting cybercrime across the world
Cyber risk is growing for businesses across the world. Our analysis has shown that 2021 was a record year for vulnerabilities, and our latest Kroll Quarterly Threat Landscape Report found a 356% increase in common vulnerabilities and exposures (CVEs) or zero-day vulnerabilities being exploited for initial access when compared to Q3 2021. In the wake of high-profile vulnerability notifications, this underscores the speed at which cybercriminals can operate.
In Hong Kong, specifically, we’ve seen a huge increase in cybercrime. Data from the Financial Services Development Council shows that cyber incidents rose from 2,206 in 2011 to 12,916 in 2020 (representing an almost six-fold increase). The value of those crimes rose too, from HK$148 million in 2011 to a staggering HK$2.96 billion in 2020.
As cyberattacks continue to hit the headlines and firms suffer the financial penalties of security incidents, concern is growing. Increasingly, we are seeing demand for attack simulations and resilience testing, as well as preventative measures to monitor for suspicious activity that could later result in an incident.
Professional Services Sector at Risk
Our data has shown that the professional services sector continues to be a prime target for cyberattack, accounting for 16% of cyber cases in Q4 2021. Other industries in the top five targeted sectors included technology/telecommunications, healthcare, manufacturing and financial services. For the remaining sectors—education, pharmaceutical, construction, food and agriculture—there was an increase in the number of incidents largely due to ransomware, with the exception of education, where unauthorized access was primarily used to infiltrate systems.
The Most Prevalent Attacks
In terms of the most common sources of infection, phishing ranked highest, accounting for 39% of all suspected initial access methods over the final quarter of 2021. The effectiveness of phishing comes down to its exploitation of people rather than system. It has led to a consistent number of business email compromise attacks, which are then used to deploy malware or to trick users into entering credentials on fake landing pages. Most of these attacks lead to significant financial and operational loss for victims.
Third-party vulnerability (8.9%) and remote code execution (4.5%) featured among the top five infection vectors in Q4 2021. Social engineering also made its debut into the top five, accounting for around 4% of infections.
Another area at risk from adversaries is the supply chain. Smaller suppliers, who generally have a less sophisticated IT infrastructure and security systems in place, are attacked in an attempt to reach a larger company for which they may provide a service.
Building Cyber Resilience
Organizations can improve their resilience to cyberattacks in many ways. Particularly given the rate at which vulnerabilities are being exploited by attackers, a robust vulnerability management plan that prioritizes and coordinates patching updates will be important.
With regards to the extent of successful phishing attacks, it proves why workforce education is so critical and is a reason to assess your business in terms of its phishing resilience. Getting a better picture of how vulnerable a business is will be important from a risk evaluation standpoint.
Beyond this, there are a series of proactive measures that can be taken with penetration tests and red teaming, which aim to find vulnerabilities that threat actors could exploit. Monitoring technology to look for suspicious activity within an IT environment is also critical to stay one step ahead of attackers.
Our analysis of Q4 2021 highlights the rapid evolution of adversaries not only in terms of the actors themselves but also in their exploitation activities. Businesses must use actionable threat intelligence to guide their cyber security strategies, and in the event that attackers do manage to breach an organization’s systems, the incident response process should be clear and well-established to ensure fast validation, containment of the threat and support with post-incident recovery.
-- Contact us at [email protected]
-
Be swift and precise to attract businesses and investments Kenny Shui, Arthur Tsang
The Northern Metropolis vision was promulgated in the 2021 Policy Address, and the project entails huge investments. In addition to the various infrastructure investments revealed by the Government
-
Australia fights hard to attract Hong Kong talent Mark O'Neill
Since the passage of the National Security Law in 2020, Australia has been competing hard with Britain, Canada, New Zealand and other countries to attract talented people from Hong Kong. In the 2021
-
Why travelers to Hong Kong cannot dine out for Christmas? Ben Kwok
Say you invite someone to your home for a Christmas meal but ask them not to eat inside, would they come? Hong Kong is stuck in this awkward situation. Under the current “0+3” rule, for the first
-
How to promote walkability in Hong Kong Dr. Winnie Tang
Walking is the best exercise in the world because every step can drive the blood circulation within the human body and activate the muscles of the legs without assistance of any equipment. It is
-
How much time do we spend streaming and gaming? Ben Kwok
Thanks to the FIFA World Cup 2022, we would be able to watch the matches from as early as 6pm to as late as 3am, a much-needed entertainment during the pandemic. The Qatar tournament provided a boost
Aging APAC society to be the next hub for smart healthcare
Russia’s financial crisis must come sooner
Why travelers to Hong Kong cannot dine out for Christmas?
Let the WTO referee carbon border taxes
QE with Chinese characteristics?
Australia fights hard to attract Hong Kong talent
Be swift and precise to attract businesses and investments
Why do some countries struggle with soft power?
The gravest challenges to democracy come from within
